I have a Rails app, which uses the gem Rails Let's Encrypt to generate SSL certificates for custom domains.
The gem is really simple to use. After the installation/configuration, I can generate a certificate and the data will be stored in the database.
I want to save the certificate CRT and the certificate KEY in the respective NGINX folder: /etc/nginx/ssl/
After that, I want to:
Copy the file /etc/nginx/sites-available/default and save it with the name /etc/nginx/sites-available/customdomain.com
Change the file customdomain.com with this content:
server {
    listen 80;
    listen 443 ssl;
    server_name www.customdomain.com;
    ssl_certificate /etc/nginx/ssl/customdomain.crt;
    ssl_certificate_key /etc/nginx/ssl/customdomain.key;
    passenger_enabled on;
    root /home/ubuntu/myapp/current/public;
    gzip on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript;
    gzip_disable "msie6";
    location ^~ /assets/ {
        expires max;
        add_header Cache-Control public;
    }
}
Create a link to this file in sites-enabled with this code: sudo ln -s /etc/nginx/sites-available/customdomain.com /etc/nginx/sites-enabled/
Restart nginx: sudo service nginx restart
I did these steps manually and the SSL works fine. How to do this programmatically?
Remember, the steps start when, with Rails, I generate a certificate. There must be some way to execute these steps. I appreciate any help! Tks!
My environment:
ruby -v: ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-linux]
rails -v: Rails 4.2.3
nginx -v: nginx/1.8.0
passenger -v: Phusion Passenger version 5.0.10
Ubuntu 14.04.2 LTS
Amazon EC2 instance (without load balancer, because LB requires only one certificate in the https)
EDIT 1
Perhaps, there's a way using wildcard configuration. Rather than create one virtual host for each domain, I create only one file, like that:
/etc/nginx/sites-enabled/wildcard
In this file, I have a modification like that:
server_name {{customdomain_url}};
ssl_certificate /etc/nginx/ssl/{{customdomain}}.crt;
ssl_certificate_key /etc/nginx/ssl/{{customdomain}}.key;
If it is possible, it is better, because the job is only to save the certificate files, and it will not require the nginx restart.
EDIT 2 - The way
I created a shell script in /user/local/bin/myscript.sh and, in this script, I create a vhost file in /etc/nginx/sites-available/ to test. In the rails console, I run the code: sudo /user/local/bin/myscript.sh mydomain.com and the shell script creates the file correctly.
It was a test, but it works. I will create the final version and post the final solution here.
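
For the steps in the question and the script call in EDIT 2, one way to write the files from Ruby while validating the domain before it is used in a path or in the nginx config; this is an added example, not code from the original post. The `VhostWriter` module, its method names, and naming the files after the full domain are assumptions.

```ruby
require "fileutils"

# Added example; VhostWriter and its methods are hypothetical names.
module VhostWriter
  # One DNS label: lowercase letters, digits and inner hyphens only.
  LABEL = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/
  # \A and \z anchor the whole string (Ruby's ^ and $ match per line), so "/",
  # "..", spaces, ";" and newlines are rejected before the value reaches a path
  # or the nginx config.
  HOSTNAME = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})+\z/

  def self.valid_domain?(domain)
    domain.is_a?(String) && !(domain =~ HOSTNAME).nil?
  end

  # Server block from the question, reduced to the per-domain lines.
  def self.render(domain)
    ["server {",
     "  listen 80;",
     "  listen 443 ssl;",
     "  server_name #{domain};",
     "  ssl_certificate /etc/nginx/ssl/#{domain}.crt;",
     "  ssl_certificate_key /etc/nginx/ssl/#{domain}.key;",
     "  passenger_enabled on;",
     "  root /home/ubuntu/myapp/current/public;",
     "}", ""].join("\n")
  end

  # root is "/" on the server; pass a scratch directory to try it out.
  # Returns the path of the private key file.
  def self.install(domain, cert_pem, key_pem, root: "/")
    raise ArgumentError, "invalid domain: #{domain.inspect}" unless valid_domain?(domain)
    ssl, avail, enabled = %w[ssl sites-available sites-enabled].map do |d|
      File.join(root, "etc/nginx", d).tap { |path| FileUtils.mkdir_p(path) }
    end
    File.write(File.join(ssl, "#{domain}.crt"), cert_pem)
    key_path = File.join(ssl, "#{domain}.key")
    # Create the key owner-only, and tighten the mode if the file already existed.
    File.open(key_path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(key_pem) }
    File.chmod(0o600, key_path)
    vhost = File.join(avail, domain)
    File.write(vhost, render(domain))
    FileUtils.ln_sf(vhost, File.join(enabled, domain))
    key_path
  end
end
```

Run `sudo nginx -t` before `sudo service nginx restart`, so a bad vhost file is caught before it takes the other domains down.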